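Node.js application cannot run on port 80, even though no other process is blocking that port

I'm running a Debian instance on Amazon EC2 with Node.js installed. If I run the following code: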

var http = require('http');

http.createServer(function (request, response) {
    response.writeHead(200, {'Content-Type': 'text/plain'});
    response.end('Hello World\n');
}).listen(80);
console.log("Running server at port 80");

I get the following output, which tells me that another process is listening on port 80:

Running server at port 80

events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: listen EACCES
    at errnoException (net.js:901:11)
    at Server._listen2 (net.js:1020:19)
    at listen (net.js:1061:10)
    at Server.listen (net.js:1127:5)
    at Object.<anonymous> (/home/admin/nodetests/nodetest.js:6:4)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Function.Module.runMain (module.js:497:10)

Now, when I check whether a process is listening on port 80 (as root, in case anything is hidden), using:

netstat -tupln

I get the following output, which tells me that nothing is listening on port 80:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1667/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1667/sshd

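I should note, in case it makes a difference, that Debian has port 80 open as an inbound rule.

My question is: What am I doing wrong? Why can't I identify the process listening on port 80? Why is it blocked in Debian? What steps should I take to get the code running correctly?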


The error code EACCES means you don't have proper permissions to run applications on that port. On Linux systems, any port below 1024 requires root access.

Instead of running on port 80 you can redirect port 80 to your application's port (>1024) using

iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000

This will work if your application is running on port 3000.
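
The difference between the two error codes, as an added example that is not part of the original answers: a `listen()` that fails with `EACCES` is a permission problem, while a port that is already taken reports `EADDRINUSE`. The function names `diagnoseListenError` and `probePort` are illustrative.

```javascript
const net = require('net');

// Translate the code of a failed listen() into its actual cause.
function diagnoseListenError(err, port) {
  switch (err.code) {
    case 'EACCES':
      return `EACCES: no permission to bind port ${port} (privileged port)`;
    case 'EADDRINUSE':
      return `EADDRINUSE: another socket is already bound to port ${port}`;
    default:
      return `${err.code}: listen on port ${port} failed`;
  }
}

// Try to bind `port`, resolve with the outcome, and release the socket again.
// Handling 'error' avoids the "Unhandled 'error' event" crash seen above.
function probePort(port) {
  return new Promise((resolve) => {
    const server = net.createServer();
    server.once('error', (err) => resolve(diagnoseListenError(err, port)));
    server.once('listening', () => {
      server.close(() => resolve(`port ${port} can be bound by this process`));
    });
    server.listen(port);
  });
}

async function demo() {
  // Occupy an ephemeral port ourselves so the EADDRINUSE case is reproducible.
  const holder = net.createServer();
  await new Promise((resolve, reject) => {
    holder.once('error', reject);
    holder.listen(0, resolve);
  });
  console.log(await probePort(holder.address().port)); // port is taken
  console.log(await probePort(80)); // result depends on the caller's privileges
  holder.close();
}

demo().catch((err) => console.error(err.message));
```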

Short answer: You can allow node access to that port using:

setcap 'cap_net_bind_service=+ep' /path/to/nodejs

long answer

Edit:

May not work on new node versions

Note that if you have apache running, you can create a reverse proxy on a vhost. If your node is running on port 8080:

<VirtualHost 127.0.0.1:80>
    ServerName myLocalServer

    ProxyPass        /  http://localhost:8080/
    ProxyPassReverse /  http://localhost:8080/
</VirtualHost>

Of course, add server to /etc/hosts:

127.0.0.1    myLocalServer

You will need to enable the relevant apache modules:

sudo a2enmod proxy_html
sudo a2enmod proxy_http
sudo a2enmod proxy_connect
sudo a2enmod proxy_ajp
sudo service apache2 restart

...and now you can connect to http://myLocalServer.

I have got the same error and I tried running my application using sudo and it worked for me.

without sudo

mansi@mansi:~/NodePractice$ node myFirst.js
events.js:141
      throw er; // Unhandled 'error' event
      ^

Error: listen EACCES 0.0.0.0:80
    at Object.exports._errnoException (util.js:870:11)
    at exports._exceptionWithHostPort (util.js:893:20)
    at Server._listen2 (net.js:1224:19)
    at listen (net.js:1273:10)
    at Server.listen (net.js:1369:5)
    at Object.<anonymous> (/home/mansi/NodePractice/myFirst.js:6:4)
    at Module._compile (module.js:410:26)
    at Object.Module._extensions..js (module.js:417:10)
    at Module.load (module.js:344:32)
    at Function.Module._load (module.js:301:12)

and with sudo

mansi@mansi:~/NodePractice$ sudo node myFirst.js
^C

The error code EACCES means you don't have proper permissions to run applications on that port. On Linux systems, any port below 1024 requires root access.

Run the program with sudo permission. Run the sudo su command before running the program.
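
When the server is started with sudo, root is only needed for the bind itself. As an added example (not code from this thread), the server below binds port 80 as root and then drops to an unprivileged account before serving requests. The account names `nobody`/`nogroup` and the `--serve` flag are assumptions.

```javascript
const http = require('http');

// Assumed account names (Debian defaults); not from the original page.
const RUN_AS = { user: 'nobody', group: 'nogroup' };

// Drop root permanently. Order matters: supplementary groups and the gid must
// be changed while still root, because after setuid() those calls are refused.
// `proc` is injectable so the call order can be checked without being root.
function dropPrivileges(runAs, proc = process) {
  if (typeof proc.getuid !== 'function' || proc.getuid() !== 0) return false;
  proc.initgroups(runAs.user, runAs.group); // replace root's group list
  proc.setgid(runAs.group);
  proc.setuid(runAs.user);
  if (proc.getuid() === 0) throw new Error('still root after setuid()');
  return true;
}

// Bind the privileged port as root, then serve requests as RUN_AS.
function serve(port, runAs = RUN_AS) {
  const server = http.createServer((request, response) => {
    response.writeHead(200, { 'Content-Type': 'text/plain' });
    response.end('Hello World\n');
  });
  server.on('error', (err) => {
    console.error(`listen failed: ${err.code}`);
    process.exitCode = 1;
  });
  server.listen(port, () => {
    // The socket is already bound here, so root is no longer needed.
    const dropped = dropPrivileges(runAs);
    console.log(`listening on ${port}, uid=${process.getuid()}, dropped=${dropped}`);
  });
  return server;
}

// Start only when asked, e.g.: sudo node server.js --serve
if (process.argv.includes('--serve')) serve(80);
```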

For those looking for a quick and easy solution for a development environment, port forwarding via ssh can be a nice alternative:

ssh -L 80:localhost:3000 yourusername@localhost -N

This forwards port 80 on localhost to port 3000 on localhost.

It needs to be run as root (privileged port). To cancel it, simply hit ctrl-c in the terminal. (You can add the -f flag to have the command run in the background, but then you need to find it again to kill it).

This solution requires you to have an ssh server running locally. It can be done quickly, but please bear in mind the security implications if you are on a shared network. You might want to apply at least some level of additional security (disable password & root login).

I personally only ever use this on my local machine. I'm not sure how it affects the processing speed of your requests if you run this on production, maybe someone has an idea. Anyway, you would need to make sure this command keeps running all the time, which introduces more headaches. For production environments, I suggest using a reverse proxy like nginx.

The hexacyanide answer is right, but is there any solution to make this work?

The answer is yes.

How?

You can use a reverse proxy: for example, run an nginx reverse proxy on port 80 and pass the proxy to the destination ip:port that node uses.

You can set this up using a docker container, which makes life even easier. This is the official build of nginx on Docker Hub that you can pull.

There are even more benefits to using a reverse proxy, which you can google.